Using the Privileged Accounts Discovery Tool

February 9th, 2016

Thycotic has released yet another free IT tool for Admins in an effort to help them discover where privileged accounts may be utilized within their infrastructure. Utilizing a free tool such as this can be important in many scenarios including:

Identifying what unfamiliar accounts are being used for (think Active Directory cleanup)

A huge benefit of this tool is that it’s both agentless and does not require an installation on the host performing the scan. Additionally, it’s only 14MB when compressed and 37MB when extracted, making it extremely portable for IT professionals. For such a small tool, it’s fairly simple to see how powerful it can be for even the largest enterprise. Tie this tool’s results with Excel formulas or something like BeyondCompare and it could become a fairly powerful auditing tool.

To get started with the tool, download the application from Thycotic using the link above. Extract the contents of the .zip file and run the executable (yup, it’s that easy). Enter the domain you wish to scan and appropriate credentials for the servers and workstations you wish to scan. (Thycotic states that the account must have administrative privileges on the target hosts.) Select the appropriate scan, or choose both, and start the scan. Upon completion, the tool asks for a company name to append to the report’s title and saves the results in a variety of formats in the location chosen.

In viewing the results, start with the Executive Summary (the file is named ThycoticWindowsAccountAnalysis – domain – date). This great-looking report gives you a quick breakdown of items such as which Windows components are using these accounts (services, scheduled tasks, application pools, etc.), whether the account is marked for password expiration, and the age of the existing password tied to that account. Furthermore, the report displays which service accounts it discovered and how many instances of those accounts were found across the infrastructure.

Last but not least, the results are also available as a CSV, which provides all the discovered accounts, the name of the host each was found on, and where on that host it's being utilized. It also provides the Password Last Set Date and the expiration status of each account. An example of these results is shown below:
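One way to audit that CSV programmatically, as an added example that is not part of the original post, Thycotic's code, or the tool's real output. The column names, date format, sample rows and 365-day threshold are all assumptions, so adjust them to match the headers in your own export.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample rows. Column names and the ISO date format are assumed,
# not taken from the tool's real export.
SAMPLE_CSV = """Account,Host,Location,PasswordLastSet,PasswordExpires
CORP\\svc_sql,SQL01,Service: MSSQLSERVER,2013-04-02,False
CORP\\svc_sql,SQL02,Service: MSSQLSERVER,2013-04-02,False
CORP\\svc_backup,FS01,Scheduled Task: NightlyBackup,2015-11-20,True
CORP\\svc_web,WEB01,Application Pool: Intranet,2014-06-15,True
"""

def audit(csv_text, today, max_age_days=365):
    """Group rows by account and flag stale or non-expiring passwords."""
    accounts = defaultdict(lambda: {"hosts": set(), "locations": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Account names are case-insensitive in AD, so normalise before grouping.
        acct = accounts[row["Account"].strip().lower()]
        acct["hosts"].add(row["Host"].strip().upper())
        acct["locations"].add(row["Location"].strip())
        acct["last_set"] = datetime.strptime(
            row["PasswordLastSet"].strip(), "%Y-%m-%d").date()
        acct["expires"] = row["PasswordExpires"].strip().lower() == "true"

    findings = []
    for name, acct in accounts.items():
        age = (today - acct["last_set"]).days
        reasons = []
        if age > max_age_days:
            reasons.append(f"password is {age} days old")
        if not acct["expires"]:
            reasons.append("password never expires")
        if reasons:
            findings.append({"account": name, "hosts": sorted(acct["hosts"]),
                             "locations": sorted(acct["locations"]),
                             "age_days": age, "reasons": reasons})
    # Widest footprint first: a stale credential on many hosts is the bigger exposure.
    findings.sort(key=lambda f: (-len(f["hosts"]), -f["age_days"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CSV, today=date(2016, 2, 9)):
        print(f"{f['account']}: {len(f['hosts'])} host(s), {'; '.join(f['reasons'])}")
```

Sorting by host count puts the accounts whose password change touches the most services and scheduled tasks at the top, which is also the order in which a rotation needs the most coordination.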

The only change to the tool that I’d love to see is the ability to scan using IP Range. This would enable the discovery of hosts sitting in a segregated DMZ or when a user wants to discover accounts on specific hosts where scanning the entire domain might not be feasible. The great folks at Thycotic have already sent this feedback to the developers so hopefully we’ll see a version 2.0 with new features.

So discover away you IT admins, you consultants, and security pros. Take control of your privileged accounts and run a more secure business.

Bryan Krausen is a Technical Architect with AHEAD and has over 15 years of enterprise IT experience across a vast number of platforms. He’s spent the last 9 years focused on VMware and datacenter technologies. Bryan has been named VMware vExpert for 2014, 2015, and 2016 and holds certifications such as VCAP5-DCA, VCP5-DV, VCP4-DV, VCP3, VCP5-DT, MCSA, MSTS, and more.